# SSH for webhook (git fetch in container)

When the app runs in Docker and the webhook runs `git fetch origin <branch>`, git connects to the remote over SSH. The container has no SSH keys by default, so the fetch fails with "Host key verification failed" or "Permission denied".

## Setup
1. **Deploy key** (read-only key for the repo you index):
   - Generate: `ssh-keygen -t ed25519 -f docker/ssh/id_ed25519 -N "" -C "rag-agent-deploy"`
   - Add the **public** key (`docker/ssh/id_ed25519.pub`) to your Git server (GitHub/GitLab/… → repo → Deploy keys) and leave write access disabled.
2. **Known hosts** (optional; `GIT_SSH_COMMAND` in compose accepts new host keys on first connect):
   - To pin the host key: `ssh-keyscan -t ed25519 git.example.com >> docker/ssh/known_hosts`. `ssh-keyscan` does not authenticate the host, so compare the recorded key's fingerprint with the one your Git host publishes.
   - Replace `git.example.com` with your Git host (e.g. `github.com`, `git.lesha.spb.ru`).
3. **Permissions**: the private key file must be readable only by you, e.g. `chmod 600 docker/ssh/id_ed25519`.
4. **Compose**: by default this directory (`docker/ssh`) is mounted into the app container as `/root/.ssh`. Override with `RAG_SSH_DIR` in `.env` if you use another path (e.g. `RAG_SSH_DIR=/Users/you/.ssh` to use your main SSH dir). Everything in the mounted directory, including any other private keys, is readable inside the container.

After that, restart the app: `docker compose up -d`.
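
A preflight check for steps 2 to 4, run on the host before restarting. This is an added example, not part of the original README: the function name `check_ssh_dir` and the script name are hypothetical, and it assumes the file names used above (`id_ed25519`, `known_hosts`) and unhashed `known_hosts` entries as written by `ssh-keyscan`.

```shell
#!/bin/sh
# Added example: preflight check for the SSH directory mounted into the container.
# check_ssh_dir DIR HOST -> prints findings, returns 0 only if all checks pass.
check_ssh_dir() (
    dir=$1 host=$2 key="$1/id_ed25519" fail=0

    # 1. Deploy key present and not accessible to group/other (step 3: chmod 600).
    if [ ! -f "$key" ]; then
        echo "FAIL: $key missing"; fail=1
    else
        perms=$(ls -ln "$key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "FAIL: $key is group/world accessible"; fail=1; }
    fi

    # 2. Host key pinned (step 2). Matches plain entries as written by
    #    ssh-keyscan; hashed (|1|...) entries are not recognised here.
    if ! awk -v h="$host" '$2 == "ssh-ed25519" { n = split($1, a, ",");
            for (i = 1; i <= n; i++) if (a[i] == h) found = 1 }
            END { exit !found }' "$dir/known_hosts" 2>/dev/null; then
        echo "FAIL: no pinned ssh-ed25519 key for $host in $dir/known_hosts"; fail=1
    fi

    # 3. No other private keys in the mount (e.g. RAG_SSH_DIR set to ~/.ssh):
    #    everything in DIR becomes readable inside the container.
    for f in "$dir"/*; do
        [ -f "$f" ] && [ "$f" != "$key" ] || continue
        if grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "FAIL: extra private key exposed to container: $f"; fail=1
        fi
    done

    [ "$fail" -eq 0 ] && echo "OK: $dir is ready for $host"
    exit "$fail"
)

# Run directly: sh check_ssh_dir.sh docker/ssh git.example.com
if [ "$#" -ge 2 ]; then check_ssh_dir "$1" "$2"; fi
```

If you rely on first-connect acceptance instead of pinning, check 2 will report a failure until the host key has been recorded.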